Installations

npm install koa-session-minimal

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>= 14

Node Version

18.0.0

NPM Version

8.6.0 Score

68.9

Supply Chain

99.3

Quality

75.5

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

13

Closed

9

Merged

4

Issues

Open

0

Total

12

Closed

12

Releases

16

v4.0.3

Published on 31 Jul 2022

v4.0.2

Published on 01 Mar 2022

v4.0.1

Published on 22 Dec 2020

v4.0.0

Published on 13 Apr 2020

Release v3.0.4

v3.0.4

Published on 27 Apr 2017

Release v3.0.3

v3.0.3

Published on 29 Dec 2016

View all 16 releases

Contributors

2

Unable to fetch Contributors

View all 2 contributors

Languages

1

JavaScript

JavaScript (100%)

Developer

longztian

Download Statistics

Total Downloads

265,083

Last Day

9

Last Week

78

Last Month

797

Last Year

16,889

GitHub Statistics

75 Stars

96 Commits

13 Forks

3 Watching

1 Branches

2 Contributors

Bundle Size

5.26 kB

Minified

1.92 kB

Minified + Gzipped

Bundlephobia

Maintainers

1

Package Meta Information

Latest Version

4.0.3

Package Id

koa-session-minimal@4.0.3

Unpacked Size

11.58 kB

Size

4.55 kB

File Count

6

NPM Version

8.6.0

Node Version

18.0.0

Total Downloads

Cumulative downloads

Total Downloads

265,083

Last day

-70%

9

Compared to previous day

Last week

-64.5%

78

Compared to previous week

Last month

-44.6%

797

Compared to previous month

Last year

-29.6%

16,889

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

3

co fast-deep-equal uid-safe

Dev Dependencies

9

chai eslint eslint-config-airbnb-base eslint-plugin-import koa koa-redis mocha nyc supertest

Versions

koa-session-minimal

Native Koa 2 session middleware, inspired by and compatible with koa-generic-session. This can be used as a drop-in replacement for koa-generic-session in Koa 2.

This rewrite implements koa-generic-session's essential interfaces, with around 100 lines of code in ES6. It supports existing session stores for koa-generic-session.

Version 4+ requires node 8+. Please use v3.0.4 for node versions older than 8.

Minimum features and storage usage

This middleware guarantees the following:

Minimum data generation and storage. No session data modification / pollution.
- Neither a cookie nor a session store record is created unless session data gets populated by other middlewares.
- Cookie options are not saved in the ctx.session object or session store (try to address this concern).
Minimum updates on cookie and session store. Cookie and session store only get updated when session data has been changed.
- When ctx.session gets updated (is a non-empty object), cookie and store data will be updated with new values and new expiration time (maxAge).
- When ctx.session gets cleared ( = {} or null ), cookie and store data will be deleted.
- If a session has not been updated within maxAge, its data will be expired.
Minimum public interfaces and configuration options.
- Cookie options: maxAge, path, domain, secure, httpOnly
- Session interfaces: session, sessionHandler { regenerateId() }
- Store interfaces: get(), set(), destroy()

Installation

1$ npm install koa-session-minimal

Usage

1const Koa = require('koa')
2const session = require('koa-session-minimal')
3const redisStore = require('koa-redis')
4
5const app = new Koa()
6
7app.use(session({
8  store: redisStore()
9}))
10
11// count middleware, increment when url = /add
12app.use(async (ctx, next) => {
13  ctx.session.count = ctx.session.count || 0
14  if (ctx.path === '/add') ctx.session.count++
15
16  await next()
17
18  ctx.body = ctx.session.count
19})
20
21app.listen(3000)

Interfaces

session data via ctx.session (the same way as koa-generic-session)
session methods via ctx.sessionHandler
- regenerateId(): regenerate session id

Options

key: session cookie name and store key prefix
store: session store
cookie: cookie options, can be an object (static cookie options) or a function that returns an object (dynamic cookie options). Only maxAge, path, domain, secure, httpOnly are supported as option keys (see option details in cookies module).

Session expiration

Default session has settings cookie.maxAge = 0 for cookie and ttl = ONE_DAY for session store, means that a session will be expired in one of the following circumstances:

A user close the browser window (transient cookie ends)
Session data hasn't been updated within ONE_DAY (storage expires)

With settings that cookie.maxAge > 0, the ttl for store data will be always the same as maxAge.

Dynamic session expiration (cookie options)

When setting cookie option to a plain object, all sessions will use the same cookie options. If a function is assigned to cookie, cookie options will be dynamically calculated at each (non-empty) session's saving stage. For example, you can use an arrow function to set different maxAge for user and guest sessions, as below:

1session({
2  cookie: ctx => ({
3    maxAge: ctx.session.user ? ONE_MONTH : 0
4  })
5})

Session security

Middlewares are recommended to call sessionHandler.regenerateId() during authentication state change (login). This middleware provides the essential interface, It will be other middleware's decision on when and how often they want to roll the session id.

NOTE: Below is mostly copied from koa-generic-session's README, because the two middlewares share the same store interfaces. Any store that implements koa-generic-session's store interfaces should also work with koa-session-minimal. koa-redis is tested as an example in test/store_redis.test.js

Session store

You can use any other store to replace the default MemoryStore, it just needs to follow this api:

get(sid): get session object by sid
set(sid, sess, ttl): set session object for sid, with a ttl (in ms)
destroy(sid): destroy session for sid

the api needs to return a Promise, Thunk, generator, or an async function.

Stores presented

koa-redis to store your session data with redis.
koa-mysql-session to store your session data with MySQL.
koa-generic-session-mongo to store your session data with MongoDB.
koa-pg-session to store your session data with PostgreSQL.
koa-generic-session-rethinkdb to store your session data with ReThinkDB.
koa-sqlite3-session to store your session data with SQLite3.
koa-generic-session-sequelize to store your session data with the Sequelize ORM.

License

MIT

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

3

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

2.1

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to koa-session-minimal

koa-session-minimal

Installations

Developer Guide

No

CommonJS

>= 14

18.0.0

8.6.0

Score

Pull Requests

0

13

9

4

Issues

0

12

12

Releases

Contributors

Unable to fetch Contributors

Languages

Developer

longztian

Download Statistics

GitHub Statistics

Bundle Size

5.26 kB

1.92 kB

Maintainers

Package Meta Information

Total Downloads

265,083

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

koa-session-minimal

Minimum features and storage usage

Installation

Usage

Interfaces

Options

Session expiration

Dynamic session expiration (cookie options)

Session security

Session store

Stores presented

License

10

10

3

0

0

0

0

0

0

0

2.1

/10